Psiphon security advisory: corrupted Windows authenticode signatures

Skip to first unread message

Aug 29, 2013, 2:29:58 PM8/29/13
A bug has been identified in Psiphon 3 for Windows versions 53 to 61 which caused the executable digital signature to be corrupted (an extra byte was added to the executable file) when the executable was extracted from an automated upgrade package.

This bug did not affect regular downloads (e.g., if you go to and download psiphon3.exe) or email attachments; in addition, the additional signature validation performed on automated upgrade packages remained intact.

In other words, only valid executables would be extracted and applied -- but the Windows authenticode signature would not appear after the extraction process. This would cause users to be unable to manually verify upgraded executables and also, in at least one reported case, cause anti-virus software to issue an alert concerning the executable's signature.

This bug is fixed in Psiphon 3 for Windows version 62, which will be available today.

Reply all
Reply to author
0 new messages